Cybersecurity News | Daily Recap [20 Dec 2025]

Daily Recap: China-aligned APT groups abused Windows Group Policy to deploy espionage malware against governments in Southeast Asia and Japan. Other highlights include Denmark accusing Russia of destructive attacks amid Europe’s hybrid threats, and North Korea-linked cybercrime with more than $3.4 billion stolen in crypto, alongside widespread vulnerability disclosures and credential-theft campaigns. #ChinaAPT #NKSurge

Nation-state & APT Activity

  • China-aligned groups abused Windows Group Policy to deploy espionage malware against governments in Southeast Asia and Japan, using stealthy deployment techniques – China APT
  • Russia accused by Denmark of conducting destructive cyberattacks amid rising hybrid threats across Europe – Denmark-Russia
  • RAT malware linked to suspected foreign interference was discovered on a ferry, prompting France to allege meddling – Ferry RAT
  • North Korea-linked cybercrime remains prolific, with reports citing over $3.4 billion stolen in crypto in 2025 and Amazon blocking 1,800 suspected DPRK fake IT applicants – NK Surge

Vulnerabilities & Patches

  • CVE-2025-40602 in SonicWall appliances was found exploited in the wild and has now been patched — apply vendor updates immediately – SonicWall CVE
  • The Motors WordPress plugin contains a flaw that can expose sites to takeover and should be patched to prevent hijacking – Motors WP
  • A UEFI vulnerability affecting ASRock, ASUS, GIGABYTE, and MSI motherboards allows early-boot DMA attacks due to misconfigured IOMMU, requiring firmware fixes – UEFI DMA
  • Chinese attackers are exploiting a zero-day in Cisco Email Security products, raising urgency for mitigations and vendor fixes – Cisco Zero-day
  • Windows 10 received an out‑of‑band update to fix issues in MSMQ (Message Queuing) that were impacting affected systems — administrators should install the patch – Windows MSMQ

Malware, Ransomware & Phishing

  • Clop ransomware is targeting Gladinet CentreStack servers to steal data for extortion, compromising backup and file-storage systems – Clop Attacks
  • New password-spraying campaigns are targeting Cisco and Palo Alto VPN gateways to harvest credentials and gain remote access – Password Spraying
  • The November 2025 phishing trends report from ASEC highlights evolving email phishing techniques and targeted lures used by threat actors – Phishing Report
  • University of Sydney disclosed a data breach exposing student and staff information, prompting remediation and notifications – Sydney Breach

Law Enforcement Actions

  • The DOJ announced a takedown of an alleged laundering platform used by ransomware and other cybercriminal groups to cash out crypto proceeds – DOJ Takedown
  • Nigeria arrested a developer linked to the RaccoonO365 phishing kit used in Microsoft 365 credential-theft campaigns, disrupting a key phishing tool supply – Nigeria Arrest

Policy & Legal

  • Austria’sMeta to change its personalized ad practices, signaling wider implications for targeted advertising across the EU – Austria Ruling
  • India’s DPDP Act – India DPDP

Cybersecurity News | Daily Recap – hendryadrian.com